Over a Quarter of Ransomware now targets Corporates

The number of ransomware attacks targeting business users in 2017 rose to 26% as the number of new families discovered halved, according to new stats released this week by Kaspersky Lab.

The Russian AV firm claimed that 26.2% of attacks over the past year were aimed at corporates, with just over 4% targeting SMBs.

This would seem to represent just a small increase from the 22.6% of attacks aimed at business users in 2016. However, the vendor said these figures didn’t include the three mega ransomware worm campaigns of WannaCry, NotPetya (ExPetr) and BadRabbit.

There are other signs of an evolution in the ransomware landscape: the number of new malware families discovered by Kaspersky Lab dropped from 62 last year to just 38 in 2017.

However, it appears as if cyber-criminals are instead looking to modify existing strains in order to bypass security filters: the number of mods grew from 54,000 last year to 96,000 this.

Ransomware remains a serious threat to organizations, with two-thirds (65%) of those hit claiming to have lost a “significant” amount or even all of their data. Even the 29% that managed to decrypt their data said they lost a “significant” number of files.

Over a third (36%) ignored the advice of police and security experts and paid the ransom, but one in six never managed to recover their data.

There are also signs that ransomware is having a longer-lasting impact on the victim organization: 34% claimed they took a week or longer to recover from such an incident, versus 29% in 2016.

“The headline attacks of 2017 are an extreme example of growing criminal interest in corporate targets. We spotted this trend in 2016, it has accelerated throughout 2017, and shows no signs of slowing down,” argued senior malware analyst, Fedor Sinitsyn.

“Business victims are remarkably vulnerable, can be charged a higher ransom than individuals and are often willing to pay up in order to keep the business operational. New business-focused infection vectors, such as through remote desktop systems are not surprisingly also on the rise.”

This vector became increasingly popular in 2017, used to spread Crysis, Purgen/GlobeImposter and Cryakl ransomware variants, among others.

However, there was some good last year, after decryption keys were published for strains including ES-NI, xdata, Petya/Mischa/GoldenEye and Crysis — although the latter was subsequently resurrected.

Have a question about how to protect yourself against ransomware – Contact us